[systemd-devel] [PATCH] sd-pam: Drop uid so parent signal arrives at child.

Lennart Poettering lennart at poettering.net
Mon May 21 09:03:46 PDT 2012


On Thu, 17.05.12 12:17, Auke Kok (auke-jan.h.kok at intel.com) wrote:

> The PAM helper thread needs to capture the death signal from the
> parent, but is prohibited from doing so since when the child dies
> as normal user, the kernel won't allow it to send a TERM to the
> PAM helper thread which is running as root.
> 
> This causes the PAM threads to never exit, accumulating after
> user sessions exit.
> 
> There is however really no need to keep the PAM threads running as
> root, so, we can just setresuid() to the same user as defined in the
> unit file for the parent thread (User=). This makes the TERM signal
> arrive as normal. In case setresuid() fails, we ignore the error, so
> we at least fall back to the current behaviour.

Applied. In the long run we probably should reshuffle all of this so
that the pam stuff is moved outside of the systemd binary and is
implemented via an explicit wrapper tool. The fact that the pam thingy
currently is a child of the main process is kinda neat, but probably not
the best choice after all.

We shouldn't leave long running children of PID 1 around that have not
exec()'ed to another binary, since they might cause unnecessary
pagefaults in PID 1. Hence the idea of splitting this into its own
binary.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
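
Added example, not part of the original message and not systemd's code: a C reproduction of the fix described in the quoted commit message, assuming the helper arms its parent-death signal with prctl(PR_SET_PDEATHSIG). The function name, the `uid` parameter and the pipe plumbing are hypothetical; run as root, both processes really drop to `uid`, otherwise setresuid() fails and is ignored.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

static int notify_fd = -1;

static void on_term(int sig) {            /* helper's SIGTERM handler */
    (void)sig;
    if (write(notify_fd, "T", 1) < 0) { } /* write() is async-signal-safe */
    _exit(0);
}

/* 1: helper got SIGTERM when its parent exited; 0: it did not; -1: setup error.
 * `uid` plays the role of the unit's User= (hypothetical parameter). */
int helper_gets_parent_death_signal(uid_t uid) {
    int note[2], ready[2];
    char c = 0;
    if (pipe(note) < 0 || pipe(ready) < 0) return -1;
    pid_t service = fork();
    if (service < 0) return -1;
    if (service == 0) {                        /* stands in for the service */
        pid_t helper = fork();
        if (helper < 0) _exit(1);
        if (helper == 0) {                     /* stands in for the PAM helper */
            notify_fd = note[1];
            signal(SIGTERM, on_term);
            /* Drop to the service's uid; failure is ignored, as in the patch
             * description. Must precede prctl(): a uid change clears the
             * parent-death signal setting. */
            if (setresuid(uid, uid, uid) < 0) { }
            prctl(PR_SET_PDEATHSIG, SIGTERM);
            if (write(ready[1], "R", 1) < 0) _exit(1);
            alarm(5);                          /* give up if no signal arrives */
            for (;;) pause();
        }
        if (setresuid(uid, uid, uid) < 0) { }  /* service runs as User= */
        if (read(ready[0], &c, 1) != 1) _exit(1); /* wait until helper is armed */
        _exit(0);                              /* parent dies: kernel sends SIGTERM */
    }
    close(note[1]); close(ready[0]); close(ready[1]);
    ssize_t n = read(note[0], &c, 1);          /* EOF (0) if helper died silently */
    close(note[0]);
    waitpid(service, NULL, 0);
    return n == 1 && c == 'T';
}

int main(void) {
    printf("helper signalled: %d\n", helper_gets_parent_death_signal(getuid()));
    return 0;
}
```

Removing the helper's setresuid() call while running as root reproduces the situation in the commit message: the helper stays root, the exiting parent is unprivileged, and the function returns 0 once the alarm fires.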

